Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

support gcp authentication refresh token #1810

Merged
merged 6 commits into from
Aug 9, 2021
Merged

support gcp authentication refresh token #1810

Changes from 2 commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
9864aa6
support GCP authentication refresh token
jhbae200 Aug 2, 2021
1c495e3
check gcp refresh process exit code is 0
jhbae200 Aug 2, 2021
8687ea4
linter formatting, remove wildcard import
jhbae200 Aug 3, 2021
f46d39b
change parsing access token command result.
jhbae200 Aug 5, 2021
5346e85
add test code
jhbae200 Aug 6, 2021
931934f
add optional ProcessBuilder parameter to constructor
jhbae200 Aug 9, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
43 changes: 38 additions & 5 deletions util/src/main/java/io/kubernetes/client/util/authenticators/GCPAuthenticator.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,10 +12,16 @@
*/
package io.kubernetes.client.util.authenticators;

import com.google.gson.Gson;
import io.kubernetes.client.util.KubeConfig;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.util.Date;
import java.util.Map;
import java.util.*;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

wildcard import will fail the lint checker

import java.util.concurrent.TimeUnit;

import org.apache.commons.io.IOUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

Expand All @@ -27,6 +33,12 @@ public class GCPAuthenticator implements Authenticator {
static {
KubeConfig.registerAuthenticator(new GCPAuthenticator());
}
private static final String ACCESS_TOKEN = "access-token";
private static final String EXPIRY = "expiry";
private static final String TOKEN_KEY = "token-key";
private static final String EXPIRY_KEY = "expiry-key";
private static final String CMD_ARGS = "cmd-args";
private static final String CMD_PATH = "cmd-path";

private static final Logger log = LoggerFactory.getLogger(GCPAuthenticator.class);

Expand All @@ -37,12 +49,12 @@ public String getName() {

@Override
public String getToken(Map<String, Object> config) {
return (String) config.get("access-token");
return (String) config.get(ACCESS_TOKEN);
}

@Override
public boolean isExpired(Map<String, Object> config) {
Object expiryObj = config.get("expiry");
Object expiryObj = config.get(EXPIRY);
Instant expiry = null;
if (expiryObj instanceof Date) {
expiry = ((Date) expiryObj).toInstant();
Expand All @@ -58,6 +70,27 @@ public boolean isExpired(Map<String, Object> config) {

@Override
public Map<String, Object> refresh(Map<String, Object> config) {
throw new IllegalStateException("Unimplemented");
if (!config.containsKey(CMD_ARGS) || !config.containsKey(CMD_PATH))
throw new RuntimeException("Could not refresh token");
String cmd_path= (String) config.get(CMD_PATH);
String cmd_args = (String) config.get(CMD_ARGS);
List<String> commandList = new ArrayList<>(Arrays.asList(cmd_args.split(" ")));
commandList.add(0, cmd_path);
try {
Process process = new ProcessBuilder().command(commandList).start();
process.waitFor(10, TimeUnit.SECONDS);
if(process.exitValue() != 0) {
throw new IOException("Process exit code: "+process.exitValue());
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure that IOException is right here. IllegalStateException(...)?

Copy link
Contributor

@brendandburns brendandburns Aug 2, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also, please make the message more descriptive and include the stderr to make the exception more debuggable.

String stderr = IOUtils.toString(process.getErrorStream(), StandardCharsets.UTF_8)
throw new IllegalStateException("Failed to get token (" + process.exitValue() + ") " + stderr

}
String output = IOUtils.toString(process.getInputStream(), StandardCharsets.UTF_8);
String credentialJson = output.substring(output.indexOf("{"), output.lastIndexOf("}")+1);
Gson gson = new Gson();
Map<String, String> jsonMap = gson.fromJson(credentialJson, Map.class);
config.put(TOKEN_KEY, jsonMap.get(TOKEN_KEY));
config.put(EXPIRY_KEY, jsonMap.get(EXPIRY_KEY));
} catch (IOException | InterruptedException e) {
throw new RuntimeException("Could not refresh token", e);
}
return config;
}
}